

Showing posts from November, 2018

Leveraging AWS for Incident Response: Part 1

When an incident occurs, time is everything. One significant challenge I’ve experienced performing incident response is working with the large amounts of data needed by responders; storage mechanisms need to be accessible, fast, secure, and allow integrations with post-processing tools. There are many options for storage mediums, but by storing data in the Amazon AWS ecosystem your team can leverage many of the AWS services to store, process, and collaborate on incident response activities, enabling your team to scale response efforts. I’ve outlined some of the main reasons I use AWS below:

- Adopted by many organizations
- Ease of use
- Granular control over data storage, lifecycle and versioning
- Granular control over permissions
- Ease of automation (SQS/Lambda for example)
- Leveraging other AWS services to scale out incident response

For this post, we’re only going to cover setting up an S3 bucket, creating a new user, creating an S3 bucket policy to limit access control for our use